On Mon, 2010-06-07 at 14:34 -0700, Brian Dunning wrote:

> I think I must have misstated the problem. Thanks to everyone for the 
> replies, but the question is not how to fix it, it's how to find the script 
> being attacked. Many different admins manage many different sites on this 
> server, and I can't even begin to guess how many mail forms are on there from 
> different programmers.
> I'm currently downloading the logs as Peter suggested, and will take a look. 
> I'm not much of a sysad and I just thought maybe someone might know a way to 
> sniff outgoing email or something, I really don't know how to attack this. 
> Fixing the scripts is a long term solution, obviously, but I need a short 
> term fix other than killing email on the apache account.
> Might be more of a Linux question than a PHP question.

See if you can find all calls to a mail function in PHP. The easiest way
to use a form to send spam is to enter your own headers, for example, in
one of the fields.

For instance, if a form has a to field, just enter a string like this:
"t...@test.com\nbcc:s...@spam.com" which will then send email to the
spam address as a bcc recipient. 


Reply via email to